Someone reports receiving phishing emails "from us"
Read: spoofing. Someone is abusing your sender name, not necessarily your actual mailbox.
Try this first
- 1Ask the recipient to forward the message header. The real sending-server address is in there; almost never your infrastructure.
- 2Run the Domain quickscan: if your DMARC policy is "none", spoofing is hard to block. Set to "quarantine" or "reject" and most attempts stop.
- 3Send a short note to your clients: "We never send unsolicited payment or login links". Lowers damage from future spoofing.
- 4Do not panic-change anything; no password resets, do not disable mailboxes. That does not fix spoofing (your mailbox is not hacked).
When to bring us in
Multiple recipients, or the phishing message has a functional-looking reply address at your domain? Reach out. We will get DMARC set properly and filter the known abuse paths.
See also
- Our emails land in spam for some recipientsAlmost always an SPF, DKIM, or DMARC setting that is wrong or missing, or a sender name that mimics a well-known brand.
- An email bounces (NDR): delivery failedThe NDR text usually states the exact reason. Reading it is step one.
- The domain scan says SPF/DKIM/DMARC is missing: what does that mean?Three small DNS records that tell receivers "this server may send on my behalf". Without them you are an open invitation.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.